API Gateway 10.7 | Configuring API Gateway | API Gateway Data Management | Cross-Data Center Support | What is Active-Active Mode? | How Do I Set Up the Data Centers in Active-Active Mode Using Composite Operation?
 
How Do I Set Up the Data Centers in Active-Active Mode Using Composite Operation?
This use case explains how to set up the data centers in the active-active mode. When you want to set up the data centers simultaneously, you can use this method.
The data centers are set up in active-active mode using the REST APIs. You can find the REST API in the swagger file APIGatewayDataManagement.json located at SAG_Root/IntegrationServer/instances/default/packages/WmAPIGateway/resources/apigatewayservices.
For example, assume that you have three data centers DC 1, DC 2, and DC 3 in the following landscape:
Data Center Name
Host Name
Region
DC 1
uk.myhost.com
United Kingdom
DC 2
us.myhost.com
United States
DC 3
in.myhost.com
India
In general, the active-active mode can accommodate any number of data centers.
*To set up the data centers in active-active mode
1. Configuring multiple data centers.
Configure and establish connection between multiple data centers in a single step rather than configuring the listener and ring separately using the PUT/rest/apigateway/dataspace/configure REST API. You can invoke this REST API on any one of the data centers (DC 1 or DC 2 or DC 3).
Request: PUT http://uk.myhost.com:5555/rest/apigateway/dataspace/configure.
Sample payload for DC 1 is as follows:

{
"local":
{
"host": "uk.myhost.com",
"syncPort": 4440
},
"remotes":
[
{
"host": "us.myhost.com",
"port": 5555,
"syncPort": 4440,
"userName": "Administrator",
"password": "manage"
},
{
"host": "in.myhost.com",
"port": 5555,
"syncPort": 4440,
"userName": "Administrator",
"password": "manage"
}
]
}
Ensure that the local section in the payload contains the details of the data center on which you invoke the REST API. You must have the Manage general administration configurations functional privilege for the API Gateway instance running on the data center to authenticate the unit level operations that are performed simultaneously. If you have multiple API Gateway instances clustered in a data center and when you use load balancer for high availability between the API Gateway instances, then you have to provide the load balancer URL as host in the payload.
HTTP response appears as follows:

{
"local":
{
"host": "uk.myhost.com",
"syncPort": 4440
},
"remotes":
[
{
"host": "us.myhost.com",
"port": 5555,
"syncPort": 4440,
"userName": "Administrator",
"password": "manage"
},
{
"host": "in.myhost.com",
"port": 5555,
"syncPort": 4440,
"userName": "Administrator",
"password": "manage"
}
]
}
On successful configuration, the response status code displays as 200 and you can see the corresponding log entry in the Server Logs.
2. Securing the Remote Procedure Call (gRPC) channel.
This is optional. You update the configuration only when you want to secure the gRPC channel. In Cross-DC support, the communication between data centers happens through gRPC channel. Securing the gRPC channel prevents data leaks and cyber attacks. You can secure the gRPC channel of all the data centers by updating the configuration with keystore and truststore information. The gRPC channel is secured by configuring keystore and truststore with self-signed or CA signed certificates. Make sure that you have configured keystore and truststore in the API Gateway instance running on the data center for which you want to secure the gRPC channel. For more information about configuring keystore and truststore, see Keystore and Truststore. This configuration can be updated on anyone of the data centers (DC 1 or DC 2 or DC 3) by invoking the PUT/rest/apigateway/dataspace/configure REST API with keystore and truststore details to secure the gRPC channel.
Request: PUT http://uk.myhost.com:5555/rest/apigateway/dataspace/configure.
Sample payload for DC 1 that uses SSL certificate is as follows:

{
"local": {
"host": "uk.myhost.com",
"syncPort": 4440,
"keyStoreAlias":"UK_Key",
"keyAlias":"Key_Alias_UK",
"trustStoreAlias":"Trustpackage",
"insecureTrustManager": true

},
"remotes": [
{
"host": "us.myhost.com",
"port": 5555,
"syncPort": 4440,
"userName": "Administrator",
"password": "manage",
"keyStoreAlias":"US_Key",
"keyAlias":"Key_Alias_US",
"trustStoreAlias":"Trustpackage",
"insecureTrustManager": true
},
{
"host": "in.myhost.com",
"port": 5555,
"syncPort": 4440,
"userName": "Administrator",
"password": "manage",
"keyStoreAlias":"IN_Key",
"keyAlias":"Key_Alias_IN",
"trustStoreAlias":"Trustpackage",
"insecureTrustManager": true
}
]
}
HTTP response appears as follows:

{
"local": {
"host": "uk.myhost.com",
"syncPort": 4440,
"keyStoreAlias":"UK_Key",
"keyAlias":"Key_Alias_UK",
"trustStoreAlias":"Trustpackage",
"insecureTrustManager": true

},
"remotes": [
{
"host": "us.myhost.com",
"port": 5555,
"syncPort": 4440,
"userName": "Administrator",
"password": "manage",
"keyStoreAlias":"US_Key",
"keyAlias":"Key_Alias_US",
"trustStoreAlias":"Trustpackage",
"insecureTrustManager": true
},
{
"host": "in.myhost.com",
"port": 5555,
"syncPort": 4440,
"userName": "Administrator",
"password": "manage",
"keyStoreAlias":"IN_Key",
"keyAlias":"Key_Alias_IN",
"trustStoreAlias":"Trustpackage",
"insecureTrustManager": true
}
]
}
Note:
If you have configured the truststore using CA signed certificate, then in the payload, set "insecureTrustManager": false.
On successful configuration, the response status code displays as 200 and you can see the corresponding log entry in the Server Logs.
3. Configuring data centers to use HTTPS port.
This is optional. You update the configuration, if the API Gateway instances running on the data center use HTTPS port. By default, API Gateway is available on a HTTP port. You can also make API Gateway available on an external HTTPS port to establish a secure connection. If you make API Gateway available on a HTTPS port, then you must update the configuration with the HTTPS port details. Make sure you have added and enabled the HTTPS port in the API Gateway instance running on the data center. You must also make sure that you have configured the listener specific credentials to the added port. For more information on adding HTTPS port, see Adding an HTTPS Port. This configuration can be updated on any one of the data centers (DC 1 or DC 2 or DC 3) by invoking the PUT/rest/apigateway/dataspace/configure REST API with HTTPS port details to secure the ports.
Request: PUT https://uk.myhost.com:2503/rest/apigateway/dataspace/configure.
Sample payload for using secure port is as follows:


{
"local": {
"host": "uk.myhost.com",
"port":2503,
"isHttps": true,
"syncPort": 4440,
"keyStoreAlias":"UK_Key",
"keyAlias":"Key_Alias_UK",
"trustStoreAlias":"Trustpackage",
"insecureTrustManager": true
},
"remotes":
[
{
"host": "us.myhost.com",
"port": 2505,
"isHttps": true,
"syncPort": 4440,
"userName": "Administrator",
"password": "manage",
"keyStoreAlias":"US_Key",
"keyAlias":"Key_Alias_US",
"trustStoreAlias":"Trustpackage",
"insecureTrustManager": true
},
{
"host": "in.myhost.com",
"port": 2504,
"isHttps": true,
"syncPort": 4440,
"userName": "Administrator",
"password": "manage",
"keyStoreAlias":"IN_Key",
"keyAlias":"Key_Alias_IN",
"trustStoreAlias":"Trustpackage",
"insecureTrustManager": true
}
]
}
HTTP response appears as follows:

{
"local": {
"host": "uk.myhost.com",
"port": 2503,
"isHttps": true,
"syncPort": 4440,
"keyStoreAlias":"UK_Key",
"keyAlias":"Key_Alias_UK",
"trustStoreAlias": "Trustpackage",
"insecureTrustManager": true
},
"remotes": [
{
"host": "us.myhost.com",
"port": 2505,
"isHttps": true,
"syncPort": 4440,
"userName": "Administrator",
"password": "manage",
"keyStoreAlias": "US_Key",
"keyAlias": "Key_Alias_US",
"trustStoreAlias": "Trustpackage",
"insecureTrustManager": true
},
{
"host": "in.myhost.com",
"port": 2504,
"isHttps": true,
"syncPort": 4440,
"userName": "Administrator",
"password": "manage",
"keyStoreAlias":"IN_Key",
"keyAlias":"Key_Alias_IN",
"trustStoreAlias":"Trustpackage",
"insecureTrustManager": true
}
]
}
On successful configuration, the response status code displays as 200 and you can see the corresponding log entry in the Server Logs.
4. Activating data centers.
Data centers can be activated in two different ways. You can activate each data center separately by invoking the PUT/rest/apigateway/dataspace/activate REST API from each data center or activate all the data centers in this mode at a time by invoking the PUT/rest/apigateway/dataspace/activateAll?mode= ACTIVE_RING REST API once on any one of the data centers.
*Activating individual data centers.
You can activate DC 1, DC 2, and DC 3 separately using the PUT/rest/apigateway/dataspace/activate REST API.
Request: PUT https://uk.myhost.com:2503/rest/apigateway/dataspace/activate.
Sample payload for DC 1 is as follows:

{
"mode": "ACTIVE_RING"
}
HTTP response appears as follows:

{
"mode": "ACTIVE_RING"
}
Note:
Similarly, you can activate DC 2 and DC 3 data centers by invoking the PUT/rest/apigateway/dataspace/activate REST API with the respective payloads.
On successful activation, the response status code displays as 200 and you can see the corresponding log entry in the Server Logs.
*Activating multiple data centers.
You can activate DC 1, DC 2, and DC 3 data centers in a single step using the PUT/rest/apigateway/dataspace/activateAll?mode= ACTIVE_RING REST API on any one of the data centers (DC 1 or DC 2 or DC 3).
Request: PUT https://uk.myhost.com:2503/rest/apigateway/dataspace/activateAll?mode= ACTIVE_RING.
Sample payload for DC 1 is as follows:

{
"local": {
"host": "uk.myhost.com",
"port":2503,
"isHttps": true,
"syncPort": 4440,
"keyStoreAlias":"UK_Key",
"keyAlias":"Key_Alias_UK",
"trustStoreAlias":"Trustpackage",
"insecureTrustManager": true
},
"remotes":
[
{
"host": "us.myhost.com",
"port": 2505,
"isHttps": true,
"syncPort": 4440,
"userName": "Administrator",
"password": "manage",
"keyStoreAlias":"US_Key",
"keyAlias":"Key_Alias_US",
"trustStoreAlias":"Trustpackage",
"insecureTrustManager": true
},
{
"host": "in.myhost.com",
"port": 2504,
"isHttps": true,
"syncPort": 4440,
"userName": "Administrator",
"password": "manage",
"keyStoreAlias":"IN_Key",
"keyAlias":"Key_Alias_IN",
"trustStoreAlias":"Trustpackage",
"insecureTrustManager": true
}
]
}
HTTP response appears as follows:

{
"mode": "ACTIVE_RING",
"local": {
"host": "uk.myhost.com",
"port": 2503,
"isHttps": true,
"syncPort": 4440,
"keyStoreAlias":"UK_Key",
"keyAlias":"Key_Alias_UK",
"trustStoreAlias": "Trustpackage",
"insecureTrustManager": true
},
"remotes": [
{
"host": "us.myhost.com",
"port": 2505,
"isHttps": true,
"syncPort": 4440,
"userName": "Administrator",
"password": "manage",
"keyStoreAlias": "US_Key",
"keyAlias": "Key_Alias_US",
"trustStoreAlias": "Trustpackage",
"insecureTrustManager": true
},
{
"host": "in.myhost.com",
"port": 2504,
"isHttps": true,
"syncPort": 4440,
"userName": "Administrator",
"password": "manage",
"keyStoreAlias":"IN_Key",
"keyAlias":"Key_Alias_IN",
"trustStoreAlias":"Trustpackage",
"insecureTrustManager": true
}
],
"acknowledged": true
}
On successful activation, the response status code displays as 200and you can see the corresponding log entry in the Server Logs.
You can validate whether the data center is activated in the respective mode by reading the current configuration of the data center using the GET/rest/apigateway/dataspace REST API. For more information, see How Do I Read the Current Configuration of the Data Center?.
Note:
In active-active, if any one of the data center (DC 1 or DC 2 or DC 3) goes down, then that data center is removed from the ring. When the same data center is restored back, then that data center gets added to the ring automatically. If you want to add one more new data center (DC 4) to the ring, then you have to update the configuration with DC 4.